BreachExchange mailing list archives

Is China's hacking a blessing in disguise?


From: Audrey McNeil <audrey () riskbasedsecurity com>
Date: Mon, 15 Jun 2015 17:22:18 -0600

http://www.oregonlive.com/opinion/index.ssf/2015/06/is_chinas_hacking_a_blessing_i.html

The latest hacking of U.S. government data files, capturing personal
information on about 4 million past and present government workers, has
predictably stirred outrage. The allegation that the hacking came from
China (no published evidence either confirms or refutes this widespread
belief) has compounded the anger. We are incensed at the brazenness of the
Chinese and embarrassed by our vulnerability. It's a national scandal.

Actually, that's not quite right.

It's also a blessing in disguise. The same might be said of most, if not
all, other hackings. The more hackings there are -- and the more harmful
they seem to be -- the more likely that, at some point, public opinion and
political authority will begin to take the threat seriously. They will
recognize that hacking, at its worst, can jeopardize the nation's physical
and economic security. The dangers compare with a serious recession or even
war.

Until now, the hacking has been at another level. It comes in a variety of
forms: the stealing of business information (including, presumably, trade
secrets) from U.S. companies; the theft of credit-card and other individual
financial information; spying on government and commercial networks.

All of these can involve sizable costs and inconvenience for those directly
affected. The victims of identity theft are tortured both financially and
psychologically. Companies that have lost proprietary information may
suffer profit declines. Government agencies that have been penetrated
(including the IRS and email systems of the White House and State
Department) may involve the loss of sensitive personal or policy documents.
The well-publicized hacking of Sony Pictures produced an outpouring of
embarrassing material.

But none of these intrusions threatens the everyday routines of the
overwhelming majority of Americans. Unless they happen to us, cyberattacks
are just someone else's problem or tragedy. They're the hurricane and the
tornado on the evening news or the random shooting in an inner-city
neighborhood. They're unfortunate and perhaps devastating -- but isolated.

This may be self-delusion. What we ultimately have to fear from hackers is
that they -- and this would apply mostly to hostile governments and
terrorist groups -- will get inside our most sensitive data systems with
the intent of causing havoc. They would hijack, destroy or corrupt the data
systems that regulate energy, control financial transactions, contain
medical records, and oversee transportation networks. Everyday life would
be disrupted for countless millions.

We don't know our full vulnerability because these attacks have yet to be
mounted on a grand scale. But given the success of lesser hacking, it's
hard to be confident that this most destructive variety is simply the
figment of an overactive imagination. This is true cyber warfare. We need
to protect against it and also to stop making more and more systems
dependent on the Internet -- an act of commercial convenience that, with
hindsight, may seem self-destructive.

Until we recognize the threat's gravity, we need to be constantly reminded.
That's why the relentless hacking may be doing us a favor.
_______________________________________________
Dataloss Mailing List (dataloss () datalossdb org)
Archived at http://seclists.org/dataloss/